and more in a single search tool across platforms. Read the announcement here. |
01/02/2023 12:07 AM
Hi,
We have a requirement where Saviynt is expected to delete such accounts from Active Directory which have been inactive for a period of 30 days.
AD connector documentation provides an attribute on the connection object by the name REMOVEACCOUNTACTION. It also mentions the following line -
removeAction: Use this attribute to set the action to be performed when accounts are removed. When you do not set to DELETE, the connector performs a hard delete (permanent removal) of account at Active Directory.
The above line says - "when you do not set to DELETE". I have a few questions :
1. What should we then set the removeAccount attribute to if we have to perform the hard delete of AD account ?
2. I checked and found that there is NO option available in the User Update Rules where I can specify the Action as Delete Account.
BUT
There is an option available in the analytics section where I can specify the Action as Delete Account. But, will Saviynt actually generate a Delete Account task for Inactive Accounts ? Because I have also seen this functionality that Saviynt does not generate any task for Inactive Accounts.
Appreciate your help.
Best Regards,
Varun